[UNIX] Peer Authentication Vulnerability In Ingate Products (SIP Over TLS - X.509)



The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -



Peer Authentication Vulnerability In Ingate Products (SIP Over TLS -
X.509)
------------------------------------------------------------------------


SUMMARY

It may be possible for an attacker to connect using SIP over TLS even if
an X.509 client certificate is required. It may also be possible for an
attacker to intercept connections to TLS-secured servers that the Ingate
product initiates.

DETAILS

Vulnerable Systems:
* All current versions of Ingate Firewall
* All current versions of Ingate SIParator

The vulnerability is only exploitable if an X.509 certificate uses an RSA
key with exponent 3. The Ingate product never creates such keys by
itself, but if an external CA is used, and if that CA uses exponent 3, the
configuration may be vulnerable. Most CAs uses exponent 65537, and
certificates issued by them are not vulnerable.

SIP installations are vulnerable if any of the certificates in the "TLS CA
Certificates" table on the "Signaling Encryption" tab uses exponent 3.

How to determine if an X.509 certificate uses exponent 3:
If you have the OpenSSL package installed, you can examine a certificate
with a command such as this (assuming that the X.509 certificate is stored
in PEM format in the file named "cert.cer").
openssl x509 -inform pem -in cert.cer -text

Among the lines printed, there will be a line such as:
Exponent: 65537 (0x10001)

If it says 3 instead of 65537 the certificate is vulnerable.

Workaround:
Switch to a CA that don't use exponent 3. If that is not possible, turn
off the SIP module.

Fix:
Since Ingate believes that few of our customers use an external CA that
uses exponent 3, we plan to resolve this issue in the next regular
release. Contact to obtain a patch that fixes this problem if you are
affected.

Background:
The OpenSSL project has released an advisory titled "
<http://www.openssl.org/news/secadv_20060905.txt> RSA Signature Forgery
(CVE-2006-4339)". This advisory possibly affects some installations of
Ingate Firewall and Ingate SIParator.

CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339>
CVE-2006-4339


ADDITIONAL INFORMATION

The information has been provided by <mailto:ceder@xxxxxxxxxx> Per
Cederqvist.



========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.



Relevant Pages

  • [UNIX] Vulnerability in OpenCA Signature Verification
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... OpenCA Project is "an open organization aimed to ... This means that a certificate from another PKI can authorize ... operations on the used PKI if the chain of the used signature certificate ...
    (Securiteam)
  • [NEWS] OpenCA Signature Verification Vulnerabilities
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Multiple flaws in OpenCA before version 0.9.1.4 could cause OpenCA to use ... OpenCA which test the signer's certificate. ... included into the signature to create the X.509 object of the signer's ...
    (Securiteam)
  • [NEWS]Aruba Mobility Controller Shared Default Certificate
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Aruba Mobility Controller Shared Default Certificate ...
    (Securiteam)
  • [UNIX] Ruby Net::HTTPS Library Insufficent Validation of Server Certificate CN
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Ruby Net::HTTPS Library Insufficent Validation of Server Certificate CN ... failing to call post_connection_check after the SSL connection has been ...
    (Securiteam)